Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Integrate misti static analyzer #92

Open
anton-trunov opened this issue Aug 23, 2024 · 10 comments
Open

Integrate misti static analyzer #92

anton-trunov opened this issue Aug 23, 2024 · 10 comments

Comments

@anton-trunov
Copy link

https://github.com/nowarp/misti

I would imagine it could be a new button on the left bar, somewhere near the Build button.
@anton-trunov anton-trunov mentioned this issue Aug 23, 2024
Closed
@rahulyadav-57
Copy link
Member

@anton-trunov I think it would be better to display the analysis directly in the editor, similar to how ESLint works in VSCode, and also during the contract pre-build (with an option to enable it in the settings).

@anton-trunov
Copy link
Author

Sure, that works. Just keep in mind that sometimes the analysis can take a lot of time to finish (it's not incremental), so we need also some kind of indication that Misti is working in the background.

@jubnzv
Copy link

jubnzv commented Sep 19, 2024

@rahulyadav-57 Two questions on this:

  1. Is there a canonical way to configure tools used in the IDE? Misti uses a configuration file to select detectors and set up some options for them. These should be accessible to the user. Maybe we need an additional UI setting element to configure this.
  2. Where is the IDE hosted? Can we install Souffle on the server?

@rahulyadav-57
Copy link
Member

We can pass the configuration file without any issues, as we have a virtual file system in place. The IDE is just a static build and doesn't require any API, as everything is built and stored in the browser. Is there another option we can consider without using Souffle?

@jubnzv
Copy link

jubnzv commented Sep 19, 2024

Is there another option we can consider without using Souffle?

Not really. Some of the detectors won't be available without it.

We could consider compiling Souffle to WASM as an ultimate hack, but it will be a PITA to maintain it.

@rahulyadav-57
Copy link
Member

Could you check it once if we can use any JavaScript alternative for Souffle?

@jubnzv
Copy link

jubnzv commented Sep 19, 2024
edited
Loading

We cannot.

Misti uses specific features to leverage the Souffle Datalog variant. It should not be changed, as we use a code generator for that Datalog variant, and this logic must remain unchanged.

@rahulyadav-57
Copy link
Member

@anton-trunov I won't be able to integrate it with the Web IDE due to the dependency on Souffle. The only remaining option we have is to sync the contract file for each project to the server and perform the static analysis there.

@jubnzv
Copy link

jubnzv commented Sep 19, 2024
edited
Loading

Actually, we have three possible solutions for this issue:

  1. Build a wasm binary for Soufflé. It might be non-trivial, but it seems possible, as demonstrated here: https://github.com/philzook58/souffle/tree/emscripten2
  2. Run the server part that provides an API to execute Misti. From my perspective, it seems generally useful to have this in the IDE.
  3. Run a simplified version of Misti that doesn't run Soufflé-based analyses.

@anton-trunov
Copy link
Author

We can start with the third option and then explore the first one. For instance, we cannot expect the IDE to support running Soufflé for free during programming contests (we expect at least thousands of participants) as this can be used to DDoS us. So, let's postpone the second option until we can collaborate with the devops team on this.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@anton-trunov @jubnzv @rahulyadav-57